Vulnerability Details : CVE-2022-42799
The issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Visiting a malicious website may lead to user interface spoofing.
Products affected by CVE-2022-42799
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-42799
0.12%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 47 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-42799
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.1
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
2.8
|
2.7
|
NIST |
CWE ids for CVE-2022-42799
-
The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-42799
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQKLEGJK3LHAKUQOLBHNR2DI3IUGLLTY/
[SECURITY] Fedora 36 Update: webkit2gtk3-2.38.2-1.fc36 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://www.debian.org/security/2022/dsa-5273
Debian -- Security Information -- DSA-5273-1 webkit2gtkThird Party Advisory
-
https://support.apple.com/en-us/HT213489
About the security content of iOS 16.1 and iPadOS 16 - Apple SupportRelease Notes;Vendor Advisory
-
https://security.gentoo.org/glsa/202305-32
WebKitGTK+: Multiple Vulnerabilities (GLSA 202305-32) — Gentoo security
-
https://lists.debian.org/debian-lts-announce/2022/11/msg00010.html
[SECURITY] [DLA 3183-1] webkit2gtk security updateMailing List;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JOFKX6BUEJFECSVFV6P5INQCOYQBB4NZ/
[SECURITY] Fedora 35 Update: webkit2gtk3-2.38.2-1.fc35 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2022/11/04/4
oss-security - WebKitGTK and WPE WebKit Security Advisory WSA-2022-0010Mailing List;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5LF4LYP725XZ7RWOPFUV6DGPN4Q5DUU4/
[SECURITY] Fedora 37 Update: webkitgtk-2.38.2-1.fc37 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://support.apple.com/en-us/HT213488
About the security content of macOS Ventura 13 - Apple SupportRelease Notes;Vendor Advisory
-
https://support.apple.com/en-us/HT213492
About the security content of tvOS 16.1 - Apple SupportRelease Notes;Vendor Advisory
-
https://www.debian.org/security/2022/dsa-5274
Debian -- Security Information -- DSA-5274-1 wpewebkitThird Party Advisory
-
https://support.apple.com/en-us/HT213495
About the security content of Safari 16.1 - Apple SupportRelease Notes;Vendor Advisory
-
https://support.apple.com/en-us/HT213491
About the security content of watchOS 9.1 - Apple SupportRelease Notes;Vendor Advisory
Jump to